[dns-operations] [Ext] Re: Denying Whois DB by GeoIP

Richard Clayton richard at highwayman.com
Mon Jun 12 10:07:59 UTC 2017


In message <e7522cd4160c4c71996b0acf8c0a4fd2 at PMBX112-W1-CA-
1.PEXCH112.ICANN.ORG>, Leo Vegoda <leo.vegoda at icann.org> writes

>Doug Barton wrote:
>
>[...]
>
>> You might also consider the decades of research that has
>> gone into demonstrating that spammers don't bother
>> harvesting e-mail addresses from whois data.
>
>Adding to all the anecdata, the only research I am aware of on this topic 
>concluded that spammers do harvest e-mail addresses from whois records:
>
>https://www.icann.org/resources/pages/sac-023-2012-02-25-en
>
>Maybe things have changed since 2007. But I doubt it.

everything changes...

... but here's an academic write-up of the work that Leontiadis &
Christin did for ICANN in 2013 alongside the report I did on privacy and
proxy registrations (the L&C document presumably also exists as an ICANN
document, but my Google-fu doesn't immediately find that version).

They were interested not just in spam but snail mail "invoices" as
well...

https://www.andrew.cmu.edu/user/nicolasc/publications/LC-ESORICS14.pdf

Abstract: WHOIS is a publicly-accessible online directory used to map
domain names to the contact information of the people who registered
them (registrants). Regrettably, registrants have anecdotally complained
about their WHOIS information being misused, e.g., for spam, while there
is also concrete evidence that maliciously registered domains often map
to bogus or protected information. All of this has brought into question
whether WHOIS is still needed. In this study, we empirically assess
which factors, if any, lead to a measurable degree of misuse of WHOIS
data. We register 400 domains spread over the five most popular global
top level domains (gTLD), using unique artificial registrant identities
linked to email addresses, postal addresses, and phone numbers under our
control. We collect, over six months, instances of misuse targeting our
artificial registrants, revealing quantitative insights on both the
extent and the factors (gTLD, domain type, presence of anti-harvesting
mechanisms) that appear to have statistically-significant impact on
WHOIS misuse.

-- 
Dr Richard Clayton                               <richard.clayton at cl.cam.ac.uk>
Director, Cambridge Cybercrime Centre                mobile: +44 (0)7887 794090
Computer Laboratory, University of Cambridge, CB3 0FD   tel: +44 (0)1223 763570
